Description
The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
Remediation
References
Related Vulnerabilities
WordPress Plugin uContext for Clickbank Cross-Site Request Forgery (3.9.1)
WordPress Plugin Geo Mashup Cross-Site Scripting (1.8.2)
osCommerce Incorrect Comparison Vulnerability (CVE-2020-23360)
WordPress Plugin aoringo TAG upper Cross-Site Scripting (0.1.6)
WordPress Plugin User Meta 'uploader.php' Arbitrary File Upload (1.1.1)